Defeating Spies in the Sky

While it might sound like the plot of a Cold War-era spy novel, the reality is that electronic trackers, listening devices, micro-cameras, bribes, and even—metaphorically speaking—shady characters in long trench coats have become major problems within the business aviation world.

“With business aviation, we are typically dealing with high-net-worth individuals or high-value/high-stakes information, so espionage has become a bigger problem than most people think,” said J.D. LeaSure, president and CEO of counter-espionage company ComSec. “Within the aircraft’s cabin, you have a great concentration of sensitive data, intellectual property, and very personal information. And it’s all very valuable to someone.”

“The most sensitive decisions start as a simple conversation,” added Dean Cvetkoski, COO and director of activation for Activion Defence Systems, a technical surveillance counter-measure (TSCM) workplace awareness and training provider. “If an adversary can capture those discussions through human sources or covert surveillance devices, they gain intelligence without ever touching the network.”

Flight departments may have solid cybersecurity protocols in place, and believe their aircraft and passengers are safe from any cyber-eavesdropping or hacking. But experts say that’s the first mistake that too many business aircraft operators make.

Cybercrime and espionage can be linked, but they are not the same thing. And because of that, cyber-hacking into a passenger’s phone or email is way down the list of how today’s espionage adversaries will try to swipe the information they want.

“Espionage is the unlawful and unethical acquisition of a person’s or company’s data, trade secret, or proprietary information,” LeaSure said, “anything adversaries can get that will give them an advantage or competitive edge.”

For a variety of reasons, data stolen from a company doesn’t get big headlines. As an example, such an event can undermine investor confidence in the company’s future business plans. However, the FBI has highlighted estimates from the Commission on the Theft of Intellectual Property that consistently place the annual losses driven by counterfeiting, piracy, and theft of trade secrets between $225 billion and $600 billion in the U.S. alone.

“Unlike traditional theft, espionage is designed to remain invisible. The attacker does not want the victim to know their information has been taken. They want to listen, observe, and collect intelligence over time quietly,” Cvetkoski said. “Boardroom discussions, aircraft cabin conversations, and executive travel plans can reveal insights that are far more valuable than any database.”

‘Ripe Opportunities’ on Private Jets

In fact, the simple reason that business and governmental leaders are becoming more comfortable with having sensitive conversations on board their aircraft is their increasingly incorrect belief that it’s more “secure” than their office.

“I say that the private aviation industry is pretty much a ripe opportunity for corporate or personal espionage,” LeaSure said. “The number of influential and high-net-worth individuals flying today makes these aircraft prime targets for anyone looking for anything from executive and IP theft to social engineering, ransomware, or whatever. The list goes on and on.”

In 2025 alone, corporate espionage and cyber-attacks on the aviation sector surged by 600% over the previous year—and those are just the crimes that get reported, he continued. “That rise is driven by the perfect storm of technological and geographical factors that enable a much larger and easier-to-access source for sensitive information.”

Cvetkoski cautioned that in many instances, especially those driven by “government-sponsored” entities, they are smaller pieces of a much bigger and more internationally dangerous puzzle.

“If a company has direct or even indirect exposure to government secrets, energy, or infrastructure information, you may find that what you suspect is a competitor trying to obtain an unfair advantage is actually a foreign adversary or a state-sponsored threat,” he explained. “Take a look at Venezuela and how quickly the U.S. shut down its power grid. Now ask yourself: how valuable is my information to my competition?”

What’s Bugging Your Bizjet?

While cyber-tapping into a VVIP’s phone or aircraft’s wireless network would seem to be the eavesdropping tool of choice, experts say that in actuality, adversaries are still eavesdropping using the same tried and true methods their predecessors have used for decades.

“A phishing attack might get you a person’s passwords or credentials,” Cvetkoski said, “but a covert listening device gets you strategy, intent, and decision-making in real time, and from an intelligence standpoint, that’s far more valuable.”

“There are all kinds of micro-sized listening and recording devices on the market that you can buy on Amazon,” LeaSure noted. “They can store hours of conversations and then, at a set time, the unit bursts what it’s recorded out over Wi-Fi, Bluetooth, or a cellular network—whatever it can gain access to. Unfortunately, it’s a very common thing today. Our adversaries are just substituting the aircraft cabin for the C-suite on the 27th floor.”

He added that the “bad guys” can use an international mobile subscriber identity (IMSI) catcher with digital analyzer and cell-site simulator capabilities to hijack the control of cellular devices on the airplane.

“When operating in active mode, these devices mimic a wireless carrier’s cell tower to force nearby phones and cellular data devices to connect with it,” he explained. “They allow someone to capture the connections of every cellular device on the airplane and give the user total control of each device without the owner ever knowing it.”

“They can extract data, turn on microphones or recorders, or just listen in to conversations, without having any hardware on the airplane,” LeaSure said. “It’s all totally independent of the aircraft’s Wi-Fi system. As long as the phone is turned on, the enemy can control it.”

He stressed that while IMSI-catchers are available, they rely on the spy being in the same place and at the same time as the airplane. That narrows the window of opportunity. That’s why simple electronic bugs are the tools of choice for the majority of ne’er-do-wells.

Under the heading of “Things that will keep you up at night,” it’s a lot easier for people to get access to private aircraft cabins than any flight department would like to admit, the security experts believe.

The Weakest Link

“In most cases, there is no forced entry. Devices are introduced through legitimate access,” Cvetkoski said. “It can be through maintenance crews, cleaners, contractors, or anyone who has a valid reason to be around the aircraft or facility without raising suspicions.”

Bribery is more common than people realize, he continued. “Your adversaries will identify individuals that have access and, under some form of pressure—financial stress, family issues, or personal circumstances—they approach these individuals and convince them to complete the task.”

Often, the “target” doesn’t fully understand what they are doing or why, Cvetkoski added. “The person directing them may indeed be their regular supervisor and is asking them to place a sensor that only needs to be installed temporarily.”

While social manipulation is effective, it takes considerable effort to identify and coerce the right person to do the nefarious deed. It’s so much simpler for the adversary to get on the aircraft themselves.

Ethical hacker and founder and CEO of cybersecurity firm PhishFirewall, Joshua Crumbaugh, said that in his many years of being hired by large companies and government agencies to test their physical and cybersecurity practices, he has found that, in most cases, it’s more a matter of what he calls “security theater.”

“It’s the illusion of safety through the practice of implementing highly visible protocols, like gate guards, ID badges, and chain-link fences, that are designed to make executives feel secure, rather than actually stopping a threat,” he said. “In business aviation, it means spending millions on perimeter cameras, but leaving the side door propped open for the caterer. It’s a performance that deters honest people, but to a hacker or a spy, it is nothing more than a prop.

“Whether it’s a $20 high-vis vest from Amazon or a $500 suit, the right clothes grant invisible access in most situations,” Crumbaugh continued. “One of my favorite ways to exploit someone’s hospitality is to walk up to a side door or gate with a laptop bag and a coffee in each hand.”

If someone should approach him, he said he would ask: “‘Hey, can you hold that? My hands are full.’ Nine times out of 10, they will hold it open for me, and I walk right into the ‘secure’ area. We are socialized to be helpful, and hackers of any kind use that hospitality to bypass biometric locks every day.”

Another weak link in most flight departments’ security practices that Crumbaugh has exploited is what he refers to as the maintenance gap. “We spend a fortune vetting pilots and crewmembers, but what about the third-tier contractors who come in at 2 a.m. to fix or clean something?” he asked. “When a regular team member is sick, or a subcontractor is used, the aircraft becomes vulnerable if you don’t ask the right questions.”

Counterespionage Tips for Corporate Aircraft

With regards to the previous example, LeaSure suggested that one of the best ways to keep the proverbial barn door locked is to stay aware and look for behavioral red flags.

“Any type of unscheduled maintenance, technician visits, or last-minute changes to a contractor’s crew or how they behave are clues that need looking into,” he said. “I’ve found that it’s very easy to be unobserved in a hangar environment.

“I’ve swept everything from Bell JetRangers to Boeing 777s and done them over a long period of time,” LeaSure continued. “It’s not a one-and-done situation. Threats change all the time.” Electronics sweeping also includes any phones, laptops, or tablet devices passengers take on board.

In that regard, he stressed that while a company may have tight control over who has access to the flight department’s hangar and facility, the same can’t be said for the MRO providing the aircraft maintenance.

“We have been called in to sweep a client’s aircraft before, during, and after it returned from a stay in the maintenance facility,” LeaSure said. “And that includes all the furnishing, fixtures, and accessories to make sure nothing had been embedded in those items. If the value of the information is high enough, adversaries will go to great lengths to get it.”

While a company wants to take control of the situation to keep its airplane and passengers “bug-free,” the physical makeup of these devices can make visual identification nearly impossible. They can be disguised as coffee cups, screws, bolts, wires—people can look right at them and not know what they are seeing.

But, in the unlikely event that a person does find a listening device in the aircraft, Cvetkoski cautioned against taking any action.

“Do not touch anything. Attempting to remove or interfere with a suspected device can destroy evidence or activate some fail-safe mechanism,” he explained. “The correct approach is to isolate the environment if possible and engage a qualified TSCM specialist. A proper inspection requires specialized equipment and methodology to identify and neutralize any threats safely.”

While active countermeasure detection is an excellent step to add to your operation’s processes, all of the security experts stressed that it’s equally important to introduce ongoing “counter-espionage” practices to take proactive steps, including implementing tighter access control, increased vendor management, and physically securing the aircraft, especially during high-risk periods like maintenance and overnights away from home base.

“It all starts with having the initial conversations with your key executives about why you need these kinds of services,” LeaSure said. “It can be a hard sell for some people. So many of them feel strongly that their private aircraft is indeed private. Taking steps to mitigate these kinds of threats comes down to determining the real value of the information you are trying to protect.”